Ask the Expert

HIM – Guide to Patient Privacy

You arrive at your neighborhood pharmacy, and your doctor’s office has sent over some of your medical information. Your pharmacist cheerfully explains that your records will help him determine which brand of prescription drugs is best for your condition. The records were sent electronically, so the information is on the computer monitor even before you step up to the counter.

Convenient? Perhaps. Unfortunately, it’s also illegal. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), such exchanges are prohibited – and with good reason. Careless disclosure of medical information can violate a patient’s basic rights and lead to discrimination.

“The challenge is how we protect patient's privacy while moving towards a national health information network (NHIN)...that is built upon interoperability...data exchange and dta sharing among providers...among institutions and among states.” …Mervat Abdelhak, Department Chairman and Associate Professor, Health Information Management

Rules that prohibit sharing personal health information with a pharmacist are just part of the HIPAA regulations, sweeping changes that were put into effect in April 2003. Underlying these new rules is the charge that individually identifiable information be used only to improve the quality of your health care and for nothing else.

We in the department of Health Information Management (HIM) have always had those concerns in mind. Part of our mission is to make sure hospitals and health care providers have the most up-to-date information about patients so they can provide the best care possible. When critical information is available, patients enjoy better outcomes.

Another part of our job is looking out for the patient. Just as we make sure that medical records are available, so do we create systems that safeguard privacy. It’s a tricky balance, especially as technology makes all information more accessible. What can you do? Above all, know your rights. Speak up when you have a question or when something is unclear or doesn’t seem right. The following are some key provisions of HIPAA.

Know what’s in your records

You have the right to request and review copies of your medical records. If you identify any errors, you can request a correction. (Your health care provider might charge you for the cost of copying and mailing the records.)

Stay informed

Your health care provider is required to provide you with written notice of your rights and their privacy procedures. Often this information is presented when you first arrive at the doctor’s office for your appointment.

Know what can be shared

Doctors, nurses and other practitioners can share certain information with each other to ensure quality treatment. However, individually identifiable information may not be shared with life insurance companies, banks, marketing firms or outside businesses for purposes not related to health care.

Make sure conversations remain confidential

You have the right to make reasonable requests to ensure the confidentiality of phone calls and other conversations between you and your doctor. For example, you can ask your doctor’s office to call you at home rather than at work, or vice versa.

Speak up if you suspect a violation

If you feel that your health care provider or other entity has violated HIPAA regulations, you may file a formal complaint. You may choose to file the complaint directly with your provider or health plan, or you may instead choose to file the complaint with the Department of Health and Humans Services’ Office of Civil Rights. Click here for more information, visit or call 1-866-627-7748.

Learn more! Several online resources provide more detailed information about HIPAA and your rights as a patient: